Skip to comments.Sneaky Microsoft plug-in puts Firefox users at risk
Posted on 10/20/2009 1:40:53 PM PDT by Cindy
Thanks to a special freepmailer for pointing to this article.
SNIPPET: "Computerworld - An add-on that Microsoft silently slipped into Mozilla's Firefox last February leaves the browser open to attack, Microsoft's security engineers acknowledged earlier this week.
One of the 13 security bulletins Microsoft released Tuesday affects not only Internet Explorer (IE), but also Firefox, thanks to a Microsoft-made plug-in pushed to Firefox users eight months ago in an update delivered via Windows Update.
"While the vulnerability is in an IE component, there is an attack vector for Firefox users as well," admitted Microsoft engineers in a post to the company's Security Research & Defense blog on Tuesday. "The reason is that .NET Framework 3.5 SP1 installs a 'Windows Presentation Foundation' plug-in in Firefox."
The Microsoft engineers described the possible threat as a "browse-and-get-owned" situation that only requires attackers to lure Firefox users to a rigged Web site."
(Excerpt) Read more at computerworld.com ...
on this step:
5. Open a new Firefox window, and in the address bar, type about:config and press Enter.
“the URL is not valid and cannot be loaded.
Anybody know what that’s about?
They are in a bit of a bind. If they don't release for Firefox extensions, they'll get accused of releasing Windows Updates only for IE users and hammered for that.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.